{"id":39075249,"url":"https://github.com/cloud-gov/uaa-extras","last_synced_at":"2026-01-17T18:26:12.348Z","repository":{"id":41994235,"uuid":"58347129","full_name":"cloud-gov/uaa-extras","owner":"cloud-gov","description":"This application provides for platform invitations using the /invite_users UAA API endpoint and allowing password resets for cloud.gov IdP users","archived":false,"fork":false,"pushed_at":"2026-01-13T19:52:19.000Z","size":904,"stargazers_count":6,"open_issues_count":9,"forks_count":4,"subscribers_count":32,"default_branch":"main","last_synced_at":"2026-01-13T21:44:22.879Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloud-gov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-05-09T03:55:42.000Z","updated_at":"2026-01-13T19:52:21.000Z","dependencies_parsed_at":"2024-04-18T16:46:09.031Z","dependency_job_id":"2092b329-30b8-40e2-b114-53fce02c0264","html_url":"https://github.com/cloud-gov/uaa-extras","commit_stats":null,"previous_names":["cloud-gov/uaa-extras","cloud-gov/cg-uaa-extras"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/cloud-gov/uaa-extras","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fuaa-extras","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fuaa-extras/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fuaa-extras/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fuaa-extras/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloud-gov","download_url":"https://codeload.github.com/cloud-gov/uaa-extras/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fuaa-extras/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28515466,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T17:57:59.192Z","status":"ssl_error","status_checked_at":"2026-01-17T17:57:52.527Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-17T18:26:12.247Z","updated_at":"2026-01-17T18:26:12.327Z","avatar_url":"https://github.com/cloud-gov.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# UAA Extras\n\nThis application recreates the invite functionality that previously existed in UAA by using the /invite_users API endpoint.\n\n## Installing the App\n\n### Step One: Determine the URL for your instance of UAA Extras\n\nYou'll need to know where the app is going to be hosted, so you can tell UAA about it in the next step.\n\nFor example, if you'll be deploying into Cloudfoundry on BOSH-lite your url would probably be \u003chttp://invite.bosh-lite.com/\u003e\n\n### Step Two: Create a client in UAA for this app\n\nThis application uses oauth to perform actions on your behalf in UAA.  To add a new oauth client in UAA, run the following command:\n\n```shell\nuaac client add uaa_extras_app \\\n --name \"UAA Extras\" \\\n --scope \"scim.invite,password.write,cloud_controller.read\" \\\n --authorized_grant_types \"client_credentials,authorization_code\" \\\n --authorities \"scim.read,uaa.admin,password.write\" \\\n --redirect_uri [url-from-step-one]/oauth/login \\\n -s [your-client-secret]\n```\n\nRemember the client-secret, you'll need it in step four.\n\nIf you are doing this within an already existing cloudfoundry deployment, you might want to create the user by editing your cf deployment with an opsfile like \u003chttps://github.com/18F/cg-deploy-cf/blob/master/bosh/opsfiles/clients.yml\u003e\n\n### Step Three: Create redis service instance\n\nEither create a locally running version of Redis, or create a service instance in Cloud Foundry if the app will be deployed there.\n\nTo create a service:\n\n```shell\ncf create-service redis32 standard-ha redis-accounts\n```\n\n### Step Four: Configure the app\n\nThe configuration is entirely read from environment variables. Edit the manifest.yml files and update your settings as neccessary. Download a copy of \u003chttps://raw.githubusercontent.com/GSA/data/master/dotgov-domains/current-federal.csv\u003e and place into `uaaextras/static`\n\n### Step Five: Launch the app\n\n#### Running in Cloud Foundry\n\nThis app was designed to deploy in Cloud Foundry:\n\n```shell\ncf push\n```\n\n## Local Development\n\nCommon development tasks are automated via the `dev` script.\n\n### Development quickstart\n\n1. Ensure you have pyenv and tox installed in isolated environments (e.g. install them with pipx)\n2. Run `./dev venv` to bootstrap your virtualenvironment\n3. Run tests with `./dev test`\n\nRun tests with `./dev test`\n\n### Dependency management\n\nThis project uses `pip-tools` for dependency management.\n\nAbstract requirements live in pip-tools/requirements.in and pip-tools/requirements-dev.in.\nConcrete requirements live in requirements.txt and requirements-dev.txt.\n\nTo add new requirements or pin versions, edit pip-tools/requirements.in and/or pip-tools/requirements-dev.in\nthen run `./dev update-requirements`\n\nTo bump versions, run `./dev upgrade-requirements`\n\nAfter changing dependencies, you probably want to run `./dev clean`, which will recreate your virtuanenvironment\nand clear your tox cache.\n\n### Troubleshooting\n\nIf you run into an issue with `psycopg2` and you're working on a Mac running\nCatalina or higher, make sure you've done the following:\n\n- `brew install postgresql@12` and add the location to your path\n- `brew install openssl@1.1` and add the location to your path\n\nNote that `psycopg2` currently doesn't support PostgreSQL 13.x\n(\u003chttps://www.psycopg.org/docs/install.html#prerequisites\u003e), and PostgreSQL 13.x\nisn't available in AWS GovCloud yet, either.\n\nThen export two environment variables in your current shell session:\n\n- `export LDFLAGS=\"-L/usr/local/opt/openssl/lib\"`\n- `export CPPFLAGS=\"-I/usr/local/opt/openssl/include\"`\n\nTo get a local server up, run the following command. Make sure you\nproperly setup the environment variables mentioned above in the\ndocumentation.\n\n```shell\n./debug.py\n```\n\n### Configuring UAA Invites to leverage cloud.gov IdP\n\nBecause of the redirect that occurs for setting up cloud.gov multi-factor\nauthentication, the `IDP_PROVIDER_URL` must match what is coming from the UAA\nlogin screen under `cloud.gov`.\n\n![cloud.gov login button](./docs/cloud-gov-idp-screenshot.png)\n\n#### A bit on the `/first-login` route\n\nThe `/first-login` route is used to redirect users with an origin of `cloud.gov`\nto the cloud.gov IdP provider. This route is used to set the user's origin to\n`cloud.gov` and the `externalId` to their `userName`. On a successful update of\nthe user, `cg-uaa-extras` will redirect to the `IDP_PROVIDER_URL` to complete\nthe user's authentication and TOTP token creation. This is why the URL from the\nscreenshot above is necessary for the `IDP_PROVIDER_URL`.\n\n### Running tests\n\nTests are run using `tox` and `flake8`.\n\n```shell\npip install tox\n```\n\nTo run the tests, simply run `tox` from the root of the repository. If you run\ninto the same `psycopg2` setup issue as noted above in local development, make\nsure you've followed the same steps and add the following line to each env\nsetting in the `tox.ini` file:\n\n`setenv = LDFLAGS = \"-L/usr/local/opt/openssl/lib\"`\n\n## Deployment\n\nThis repository leverages [Concourse](https://concourse-ci.org). The configuration\nfiles all reside in the `ci/` directory. All pull requests should have `staging`\nas a base branch which will automatically trigger a deployment for the staging\njob. Once development is stable on `staging`, create a new pull request\npromoting all the changes on `staging` to `master` to deploy the application in\nthe production environment.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-gov%2Fuaa-extras","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloud-gov%2Fuaa-extras","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-gov%2Fuaa-extras/lists"}